- 🇩🇪Germany Anybody Porta Westfalica
This has already been fixed and released, status was wrong.
- Status changed to Fixed
9 months ago 5:59pm 25 March 2024
This purpose of the module is to check if a http-request contains an api_key which is assigned to a drupal-user. The API Key can be included as a query parameter, as http-header or as parameter in the body of the http message.
When testing a http POST request with content-type application/x-www-form-urlencoded
, like below, it is not possible to parse the api key from the request body.
POST /georeport/v2/requests.xml
Content-Type: application/x-www-form-urlencoded
foor=bar&api_key=abcdef123
if you add the API Key as a query parameter to a request, the current code parses the query parameter as form_api_key
<?php
$form_api_key = $request->get('api_key');
if (!empty($form_api_key)) {
return $form_api_key;
}
The actual check is never reached:
$query_api_key = $request->query->get('api_key');
if (!empty($query_api_key)) {
return $query_api_key;
}
Apply a fix to parse the \Symfony\Component\HttpFoundation\Request $request
object correctly. The method to access the form encoded api key is $request->request->get('api_key');
-
-
-
-
Fixed
3.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This has already been fixed and released, status was wrong.